flapflap wrote (14 Jun 2014 18:52:26 GMT) : > Just one thing: how would you ensure that you can trust a key's signature?
In practice, based on the current state of things, I've been able to
carefully verify keys for at least one member of each Git-using
translation team, so that should not be a problem.
In the future, when new teams want to join us, that's actually not
a substantially different problem than "how to trust a new translation
team?" -- once we decide we trust that $EMAIL_ADDRESS won't put
anything fishy on the Tails website, and we will take pull requests
from them (which is the current situation), we can as well root
cryptographic trust in the public keys $EMAIL sends us at this time.
It's just the same thing as we're doing nowadays, but using an OpenPGP
key instead of $EMAIL_ADDRESS as the authenticator, using TOFU in the
worst case to match keys to email addresses.